Attention: macOS code signing!

Please make sure that if you code sign your plug-ins, the code signature is valid. We now see plug-ins that are signed, but with an invalid code signature, which will trigger a crash on load in any hardened-runtime-enabled host.

To verify that your code signature is valid please run

codesign -v PLUGINPATH

The result should be either no output at all or

code object is not signed at all

This is because unsigned code will still be loaded if allowed by the host, but invalidly signed code will be rejected.
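The check described in the post above, applied to a batch of plug-ins. This is an added example, not part of the original post; the function names and the script name are hypothetical. It treats exit status 0 from `codesign -v` as a valid signature, the "not signed at all" message as unsigned, and any other failure as an invalid signature.

```shell
#!/bin/sh
# Classify one `codesign -v` result.
#   $1 = exit status of codesign, $2 = its combined stdout/stderr
# Prints: valid | unsigned | invalid
classify_codesign_result() {
    status=$1
    output=$2
    if [ "$status" -eq 0 ]; then
        # A valid signature verifies with no output and exit status 0.
        echo valid
    else
        case $output in
            *"code object is not signed at all"*) echo unsigned ;;
            # Any other failure means a signature is present but does not verify.
            *) echo invalid ;;
        esac
    fi
}

# Run `codesign -v` on one plug-in bundle and print its class.
check_plugin() {
    output=$(codesign -v "$1" 2>&1)
    classify_codesign_result "$?" "$output"
}

# Check every path given; return 1 if any plug-in has an invalid
# signature (the case that is rejected on load).
scan_plugins() {
    bad=0
    for p in "$@"; do
        result=$(check_plugin "$p")
        printf '%-8s %s\n' "$result" "$p"
        if [ "$result" = invalid ]; then
            bad=1
        fi
    done
    return "$bad"
}

# Usage (script name is hypothetical):
#   sh check_signatures.sh /path/to/One.vst3 /path/to/Two.vst3
if [ "$#" -gt 0 ]; then
    scan_plugins "$@"
fi
```

A non-zero exit from the script makes it usable as a release gate in a build pipeline.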


What’s the right option to choose there?

Could you elaborate how the host would allow that? Is there a way in 2021 with macOS 11 that allows for unsigned a notarized code to be executed?

The post was from a time when macOS 11 was not available. For macOS 11 you need to code sign, but you can use “code sign to run locally” or via command line: “codesign -s - $pathToCodeSign”

Just to clarify: “code sign to run locally” only allows me to test the code on this local machine, but as soon as I want to give the alpha or beta version to someone else I need to have paid for an Apple Developer license and have someone at Apple notarize my code. Right?

Yes I think so.


As an author of many free VST plugins, it really bites that I will now have to pay $99 a year to Apple just so that my free VST plugins can run on newer Macs. I know this is not VST's fault, but that still sucks. Apple has finally found a way to make everybody pay even if you don’t publish your app and/or plugins in the store…


I believe you want Developer ID Application.
